curl-library

Re: SMTP with TLS error handling

From: Ralph Mitchell <ralphmitchell_at_gmail.com>
Date: Thu, 4 Jun 2015 11:55:33 -0400

It may be deliberate behaviour by Office365, to avoid giving out
information that may assist an attacker.

Ralph Mitchell

On Thu, Jun 4, 2015 at 11:26 AM, Jamie Gordon <jamie_at_deslock.com> wrote:

> Hi
>
> I have a problem with the correct error handling for SMTP errors when
> using libcurl and I'd be pleased if anyone can help/advise me. Specifically
> in this case I am using libcurl 7.42.1 but the same behaviour has been seen
> with previous versions I have tested with.
>
> This issue is, if I use the wrong password with Office365 I get error
> "CURLE_OPERATION_TIMEDOUT" and the internal curl message
> (CURLOPT_ERRORBUFFER) is "Operation timed out after 0 milliseconds with 0
> out of 0 bytes received". Actually some other servers using TLS do this
> also, but they have been at customer sites and I don't have any debug from
> those servers. But the issue is repeatable for me using Office365. If I use
> the correct username/password an email is sent fine. And I've been using
> the same sending code for a while with standard port 25 SMTP.
>
> You can see the debug from the libcurl below (this is output from my own
> CURLOPT_DEBUGFUNCTION callback function). I've just used a made-up
> username/password of test_at_example.com/moo.
>
> <debug>
> EHLO myhost
>
> 250-AM2PR09CA0025.outlook.office365.com Hello [194.75.73.194]
> 250-SIZE 157286400
> 250-PIPELINING
> 250-DSN
> 250-ENHANCEDSTATUSCODES
> 250-AUTH LOGIN
> 250-8BITMIME
> 250-BINARYMIME
> 250 CHUNKING
>
> AUTH LOGIN
>
> 334 VXNlcm5hbWU6
>
> dGVzdEBleGFtcGxlLmNvbQ==
>
> 334 UGFzc3dvcmQ6
>
> bW9v
>
> Operation timed out after 0 milliseconds with 0 out of 0 bytes received
> Closing connection 0
> </debug>
>
> In terms of function calls:
>
> curl_easy_perform returned 28 (CURLE_OPERATION_TIMEDOUT)
> curl_easy_getinfo(CURLINFO_HTTP_CONNECTCODE) returned 334
> and
> curl_easy_getinfo(CURLINFO_RESPONSE_CODE) returned 0
>
> Interestingly, if I use gmail with the wrong password I see more relevant
> info in the debug. And curl_easy_perform also gives me CURLE_LOGIN_DENIED
> which is much more user friendly.
>
> <debug>
> 535-5.7.8 Username and Password not accepted. Learn more at
> 535 5.7.8 https://support.google.com/mail/answer/14257 ju2sm6707323wid.12
> - gsmtp
> Closing connection 0
> </debug>
>
> So this seems maybe specific to the server somehow. Is it a problem with
> the Office365 response in TLS? Is their exchange server doing something
> wrong? Or is there some bad handling in libcurl somewhere? Or maybe could I
> have initialised something wrong in my C++ calling libcurl?
>
> If this behaviour by libcurl is "correct" then is it possible to interpret
> what I have to maybe suggest to the user that they have entered invalid
> credentials, rather than presenting them with "Operation timed out after 0
> milliseconds..."?
>
> Otherwise if it is a bug, then I'll try to look into the library in more
> detail and see if I can work out what's wrong.
>
> Any advice appreciated.
>
> Thanks
>
> Jamie
>
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-library
> Etiquette: http://curl.haxx.se/mail/etiquette.html

Received on 2015-06-04
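
An added example, not part of either poster's message and not libcurl code: one way an application could track the last SMTP reply seen by its CURLOPT_DEBUGFUNCTION callback and tell a transfer that ended during the AUTH exchange apart from an ordinary timeout. The names trace_line, classify and replay are hypothetical, the result codes are hard-coded so the block builds without libcurl, and the sample lines are constructed from the transcripts in the post.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Numeric libcurl result codes: CURLE_OK, CURLE_OPERATION_TIMEDOUT, CURLE_LOGIN_DENIED. */
enum { RES_OK = 0, RES_TIMEDOUT = 28, RES_LOGIN_DENIED = 67 };
typedef enum { DIAG_OK, DIAG_BAD_CREDENTIALS, DIAG_AUTH_NO_VERDICT, DIAG_TIMEOUT, DIAG_OTHER } diag_t;
typedef struct { int last_code; int auth_started; } smtp_trace;
typedef struct { int from_server; const char *text; } rec;

/* Feed one debug-callback line; from_server: 1 = server reply, 0 = client command (assumed mapping). */
void trace_line(smtp_trace *t, int from_server, const char *line)
{
    if (!from_server) {
        if (strncmp(line, "AUTH ", 5) == 0) t->auth_started = 1;
        return;
    }
    /* A reply line is three digits, then ' ' (final line) or '-' (continued). */
    if (isdigit((unsigned char)line[0]) && isdigit((unsigned char)line[1]) &&
        isdigit((unsigned char)line[2]) && (line[3] == ' ' || line[3] == '-'))
        t->last_code = (line[0] - '0') * 100 + (line[1] - '0') * 10 + (line[2] - '0');
}

diag_t classify(int result, const smtp_trace *t)
{
    if (result == RES_OK) return DIAG_OK;
    if (result == RES_LOGIN_DENIED || t->last_code == 535) return DIAG_BAD_CREDENTIALS;
    /* Last server line was a 334 challenge: no verdict on the credentials was given. */
    if (t->auth_started && t->last_code == 334) return DIAG_AUTH_NO_VERDICT;
    return result == RES_TIMEDOUT ? DIAG_TIMEOUT : DIAG_OTHER;
}

diag_t replay(const rec *r, size_t n, int result)
{
    smtp_trace t = {0, 0};
    for (size_t i = 0; i < n; i++) trace_line(&t, r[i].from_server, r[i].text);
    return classify(result, &t);
}

/* Constructed from the transcripts in the post; GMAIL's AUTH line is assumed. */
static const rec O365[] = { {0, "AUTH LOGIN"}, {1, "334 VXNlcm5hbWU6"},
    {0, "dGVzdEBleGFtcGxlLmNvbQ=="}, {1, "334 UGFzc3dvcmQ6"}, {0, "bW9v"} };
static const rec GMAIL[] = { {0, "AUTH LOGIN"},
    {1, "535-5.7.8 Username and Password not accepted."}, {1, "535 5.7.8 (rest of reply)"} };

int main(void)
{
    printf("%d %d\n", replay(O365, 5, RES_TIMEDOUT), replay(GMAIL, 3, RES_LOGIN_DENIED));
    return 0;
}
```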